0

Is it possible to sniff a specific port on an ip address? If so is there any software available for that?

  • 2
    Local port or remote? You're only going to be able to pick up packets that are being routed past your interface. Most(?) networks are full switched, so you'll only see what's legitimately destined for your host, barring more advanced skills and tools. – pboin Dec 08 '09 at 22:20
  • Do you mean a port on a switch or a tcp/udp port(socket)? – chris Dec 09 '09 at 00:00

3 Answers3

0

There are quite a few products to do that. The most popular, and available for most platforms, is wireshark.

John Gardeniers
  • 27,262
  • 12
  • 53
  • 108
0

Alternatively, if you prefer using the CLI, you can use tcpdump.

# tcpdump host <foo> and port <bar>
rodjek
  • 3,297
  • 16
  • 14
0

On a network that has a Switch, the switch hardware will filter and protect a computer from being sniffed by a 3rd party.

On the other hand, When a hub receives a packet (chunk) of data (a frame in Ethernet lingo) at one of its ports from a PC on the network, it transmits (repeats) the packet to all of its ports and, thus, to all of the other PCs on the network.

I suspect its possible to sniff 2 computers as a 3rd party if all the computers are connected with a hub (not a switch). I've never tried though.

djangofan
  • 4,172
  • 10
  • 45
  • 59
  • 1
    Under normal circumstances a switch will protect a computer from being sniffed by a 3rd party. However arp poisoning is a fairly easy attack vector to get around that problem. From a network admin point of view you're better off using a mirrored port on a managed switch to sniff traffic on a switch. – 3dinfluence Dec 09 '09 at 01:47
  • i agree. good point. – djangofan Dec 10 '09 at 17:50